-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Martin v. Löwis wrote: >> I propose a policy change for packages registered with PyPI: >> >> - packages registered on PyPI have at least one release >> >> - one release of registered package on PyPI _must_ contain >> a valid source code distribution (sdist) >> >> - packages registered on PyPI without releases or without >> source code release are subject to be removed after N days >> after the day of registration > > So how would you implement that policy change? Please propose a phased > approach, that gives affected people plenty of options to intervene if > they disagree with the policy. >
It should be fairly easy to figure out affected packages through some DB query (in fact a similar functionality is already implemented on top of the XMLRPC API in my zopyx.trashfinder package). For such packages: send out an email to the package maintainer informing him about the problem and instructing him to fix the problem within N days. After N days: recheck the package state and unregister the package if necessary. Or perhaps a less rude approach: introduce status field for each package (ACTIVE/INACTIVE) and set the state to INACTIVE when the package does not comply with this policy. Inactive packages won't be listed on PyPI and won't be searchable on PyPI. Inactive status should be visible to the author (in logged-in state) with some warning "Package is inactive..please upload your sdist....). Andreas -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkwZykMACgkQCJIWIbr9KYy81wCfWjjQ8yTQbhO6xIfqPYiHQHcc 44sAn2YYFxFPHwJ0PywX306DcMOcabix =UtO+ -----END PGP SIGNATURE-----
<<attachment: lists.vcf>>
_______________________________________________ Catalog-SIG mailing list Catalog-SIG@python.org http://mail.python.org/mailman/listinfo/catalog-sig
